Using strong, unique passwords for all of your online accounts and devices is often recommended as the best way to keep them secure but what if your devices don’t have any password at all?
Unfortunately this is often the case with many smart devices according to new research from Avira’s IoT research team which found that 34 percent of all cyberattacks on connected devices occur because no password credentials are set at all.
When launching IoT attacks, cybercriminals focus on a known vulnerability in a smart TV, smart camera or other connected device and try different username/password combinations in order to gain entry into the device.
However, the “blank input fields” combination is significantly higher than the number of attacks with other popular username/password combinations which suggests that many smart device manufacturers are leaving these fields empty and therefore, easily crackable by hackers.
Smart device credentials
Security researchers at Avira used honeypots as a means of acquiring the data needed for their latest investigation. Honeypots are often used in the fight against cyberattacks as they allow researchers to attract hackers to uncover their latest techniques and preferred targets.
Manager of Avira’s Protection Labs and IoT Research Lab, Imran Khan explained in a press release that blank credentials are even more common than using ‘admin’ as a password, saying:
“The most common credentials used by IoT attacks consist of a blank field. We found this via the Avira smart device honeypot. At the same time, this means that the attackers or their automated scripts do not enter a username or password to access the device. A blank password is even more common than the “admin” password.”
To secure smart devices, Avira recommends first trying to connect them to a PC in order to change their insecure default password to a more secure one though this won’t necessarily work on every device. Users can also check for firmware updates online to fix any known vulnerabilities or problems with their devices. Finally, users should secure their network by scanning for any open ports that could attract uninvited hackers.